During the Winter Strategic Meeting this past January, MTI established a new committee focused on best practices in cybersecurity and DFARS. In this new age of connectivity and the Internet of Things, protecting information and processes coming in and going out electronically is critical to any heat-treat operation. Training is also becoming very important in this area.
Dangers of Not Training
Ransomware will be one of the most common security breaches in 2019. Ransomware and security breaches like it can wreak havoc on a business’s infrastructure. Given proper training, these types of attacks are easy to avoid.
Besides the risk of losing valuable information, you may also experience loss of business. Unfortunately, victims of a cybersecurity breach typically suffer financial or reputational damage. Compromised information usually results in customers pulling away from the affected business, and some of those customers may also seek litigation. By contrast, proper cybersecurity training will limit the risk of a breach, thus keeping your customers happy.
What should I include in my cybersecurity training?
Not all training programs are created equal, but some fundamentals are required to get the biggest bang for your buck. Here are a few topics that will help you create a balanced and educational training program.
- Phishing – Know how to spot and avoid phishing attacks. Phishing e-mails can look very convincing, and accidentally giving away personal or business information can compromise your business.
- Website Safety – At work and at home, it is important to know that many websites cannot be blindly trusted. Even websites that look legitimate can be malicious if the address is wrong by one letter.
- Password Creation – This may be one of the most important lessons in cybersecurity. Employees need to create strong passwords that are easy to remember. A strong password should be a sentence or phrase. Make sure to include numbers and symbols in your password as well.
In addition to having strong passwords, two-factor authentication (2FA) will help add another layer of security to your accounts. 2FA works by requiring users to enter, in addition to their password, a code provided by something the user physically has (such as a smartphone).
MTI’s new cybersecurity committee kicked off its work this past month by discussing in great detail the National Institute of Standards and Technology (NIST) cybersecurity specifications. With the NIST specifications being so complex, the committee discussed how it could break the spec down into bite-size pieces for MTI members to understand and act on.
The following action steps were agreed to be taken in the coming months:
- Focus on the three verticals in heat treating that are impacted – general industry, aerospace (DFARS) and government contracts.
- Develop a series of articles on cybersecurity 101 to help educate heat treaters.
- Develop a checklist of key elements to have in a company’s information security policy (ISP). It is crucial in business today that every plant have an ISP.
- Develop a checklist for members to assess the overall plant vulnerabilities, gaps and risks in their current operations as they relate to potential cyber-attacks.
- Present the best practices for purchasing cybersecurity insurance.
- Identify potential funding available at universities for performing cybersecurity gap analysis.
MTI is already hearing of instances of ransomware and phishing attacks. With operations, accounting, quality and equipment being so interconnected, it is important you sit down with your team and discuss where your vulnerabilities are and the level of training your plant operation needs. Do it sooner rather than later.